Monday, 30 September 2013

Transparently redirecting http traffic to local proxy in bridge mode

Router - LinuxBridge - Backbone -- 10.0.0.0/8, 10.20.0.0/16 test net
             |
             |
             |(eth1)
             --------> Management Interface 10.101.101.10
# brctl show br0
bridge name     bridge id               STP enabled     interfaces
br0             0000.00900b2a6f44       no              eth16
                                                        eth17
br0 Link encap:Ethernet HWaddr 00:90:0B:2A:6F:44
--
eth1 Link encap:Ethernet HWaddr 00:90:0B:2C:80:A2
inet addr:10.101.101.10 Bcast:10.101.101.255 Mask:255.255.255.0
--
eth16 Link encap:Ethernet HWaddr 00:90:0B:2A:6F:44
--
eth17 Link encap:Ethernet HWaddr 00:90:0B:2A:6F:45
br0 is formed with eth16 and eth17. eth16, eth17 and br0 have ifconfig
"0.0.0.0 up"; that is, no IP is set.
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.101.101.1    0.0.0.0         UG    0      0        0 eth1
10.101.101.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
There are lots of clients within subnets other than the 10.101.101.0
management subnet, behind the backbone.
I am trying to transparently cache http traffic.
# iptables -t nat -I PREROUTING -p tcp -s 10.20.0.0/16 --dport 80 -j DNAT --to-destination 10.101.101.10:3128
Alternatively,
# ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-source 10.20.0.0/16 --ip-destination-port 80 -j redirect --redirect-target ACCEPT
# iptables -t nat -A PREROUTING -i br0 -p tcp -s 10.20.0.0/16 --dport 80 -j REDIRECT --to-port 3127
I see the packet counters increasing in the iptables stats. However, squid
cannot reply back to the clients, and Internet access stops for the clients.
I have tried rp_filter=0 and 1 and accept_local=0 and 1; the result was the same.
Is it possible to transparently redirect traffic in such a topology? What
do you suggest to make it work?
Best Regards,
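Editor's note, with an added example that is not part of the original post. Whether the intercepted connection is pulled up with DNAT or with ebtables plus REDIRECT, the proxy host's replies to the clients are sent according to its own routing table, and the `route -n` table posted above has only a 10.101.101.0/24 route on eth1 and a default route via 10.101.101.1 on eth1. A reply to any 10.20.0.0/16 client therefore leaves on eth1 toward the management gateway, not back through br0; that asymmetric return path is the first thing a practitioner would check here (it is also why rp_filter keeps coming up). The script below is a small longest-prefix-match lookup over a constructed copy of the posted table that makes this visible offline, and shows how the lookup changes if a route for the client range pointed at the bridge instead. The `with_route` call with `10.20.0.0/16` on `br0` is hypothetical: the post has no such route, and whether a route like that is correct depends on what answers ARP on the bridge segment, which the post does not say.

```python
"""Added example (not from the original post): a longest-prefix-match lookup
over the `route -n` table posted above, to see which interface the proxy
host would use for replies to a client in 10.20.0.0/16."""
import ipaddress

# Constructed copy of the `route -n` output shown in the post.
ROUTE_N_OUTPUT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.101.101.1    0.0.0.0         UG    0      0        0 eth1
10.101.101.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
"""


def parse_route_n(text):
    """Parse `route -n` output into a list of (network, gateway, iface, metric).

    Header lines are skipped; gateway is None for directly connected routes.
    """
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 8 or cols[0] == "Destination":
            continue
        dest, gw, mask, _flags, metric, _ref, _use, iface = cols
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        gateway = None if gw == "0.0.0.0" else ipaddress.ip_address(gw)
        routes.append((net, gateway, iface, int(metric)))
    return routes


def lookup(routes, dst):
    """Longest-prefix match, lowest metric on a tie, as the kernel's FIB does."""
    dst = ipaddress.ip_address(dst)
    best = None
    for route in routes:
        net, _gw, _iface, metric = route
        if dst not in net:
            continue
        # A longer prefix wins; on equal prefix length, the lower metric wins.
        if best is None or (net.prefixlen, -metric) > (best[0].prefixlen, -best[3]):
            best = route
    return best


def reply_iface(routes, client_ip):
    """Interface the proxy host's reply to client_ip would leave on (None = unroutable)."""
    match = lookup(routes, client_ip)
    return None if match is None else match[2]


def with_route(routes, network, iface, gateway=None, metric=0):
    """Copy of the table with one extra route, e.g. what a hypothetical
    `ip route add 10.20.0.0/16 dev br0` would add (the post has no such route)."""
    net = ipaddress.ip_network(network, strict=False)
    gw = None if gateway is None else ipaddress.ip_address(gateway)
    return routes + [(net, gw, iface, metric)]


if __name__ == "__main__":
    table = parse_route_n(ROUTE_N_OUTPUT)
    for client in ("10.20.3.4", "10.101.101.50"):
        print(client, "->", reply_iface(table, client))
    print("10.20.3.4 with a hypothetical br0 route ->",
          reply_iface(with_route(table, "10.20.0.0/16", "br0"), "10.20.3.4"))
```

With the posted table, both a 10.20.x.x client and a management-subnet host resolve to eth1; only the 10.20.x.x case falls through to the default route, which is the path Squid's replies would take. Python is used here rather than the shell the rules are typed into because the point is a lookup that can be reproduced without root or a bridge; on the real box, `ip route get 10.20.3.4` gives the same answer from the live FIB.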
